tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: umask and SecurityListener
Date Wed, 21 Mar 2018 09:04:11 GMT
On 21/03/18 03:43, Christopher Schultz wrote:
> All,
> 
> The SecurityLogger seems to want a umask in environments where it makes
> sense. But the line of catalina.sh that sets the JVM system property to
> pass the umask into the launching JVM is commented-out.
> 
> It would be best not to have to modify one's own catalina.sh file in
> order to enable the UMASK value-transfer.
> 
> So I started writing a patch for catalina.sh with another environment
> variable that /enables/ sending the umask.
> 
> But it seems that bin/catalina.sh already requires umask (from 8.5.29):
> 
> [269] # Set UMASK unless it has been overridden
> [270] if [ -z "$UMASK" ]; then
> [271]    UMASK="0027"
> [272] fi
> [273] umask $UMASK
> 
> The umask program is expected to be present.
> 
> Then, later:
> 
> [287] # Uncomment the following line to make the umask available when
> using the
> [288] # org.apache.catalina.security.SecurityListener
> [289] #JAVA_OPTS="$JAVA_OPTS
> -Dorg.apache.catalina.security.SecurityListener.UMASK=`umask`"
> 
> It's been like this for 7 years since the listener was first added. Any
> reason not to unconditionally set this JVM system property on startup?

Lines 287-289 pre-date lines 269-273.

>From memory lines 287-289 were left commented out as we didn't want to
break working configurations in a point release.

With the addition of lines 269-273 I agree with uncommenting lines 287-289.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message